Firewall Wizards mailing list archives
Re: sndvol.exe
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Sat, 20 Mar 1999 10:02:46 -0800
Yea, the Bulgarians have been creating trojans to attack a Bulgarian ISP they don't like. I think this one was e-mailed to people pretenting to be "Your Internet Explorer Updgrade" I think the executable was IE1099.EXE or something similar. A web search or check with the antivirus vendors ought to turn it up. I also believe most of the antivirus vendors will catch it if you;ve got the latest versions. Ryan "Randy Garbrick" <garbrir () hotmail com> on 03/18/99 04:33:06 PM Please respond to "Randy Garbrick" <garbrir () hotmail com> To: firewall-wizards () nfr net cc: (bcc: Ryan Russell/SYBASE) Subject: sndvol.exe Has anyone noticed a Trojan horse called sndvol.exe that replaces the Win NT/9X sndvol.exe and then does a continuous port scan from inside a firewall to multiple outside addresses? It created a denial of service by maxing out the sessions on our Pix. We're trying to locate the source of the executable. Randy Garbrick Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- sndvol.exe Randy Garbrick (Mar 19)
- Re: sndvol.exe 0x1c (Mar 21)
- Re: sndvol.exe Paul M. Cardon (Mar 22)
- Re: sndvol.exe 0x1c (Mar 23)
- Re: sndvol.exe Paul M. Cardon (Mar 22)
- Re: sndvol.exe Paul M. Cardon (Mar 21)
- Re: sndvol.exe Gordy Thompson (Mar 21)
- <Possible follow-ups>
- Re: sndvol.exe Ryan Russell (Mar 21)
- RE: sndvol.exe Frank W. Keeney (Mar 22)
- Re: sndvol.exe 0x1c (Mar 21)